я пытаюсь fail2ban на моих серверах зарегистрировано не менее 10 раз, большую часть времени он не запретить IPне Fail2ban работает или не запретить IP после Логина сбоя
В моей jail.local
[ssh]
enabled = true
port = ssh,some_port_number
filter = sshd
logpath = /var/log/auth.log
maxretry = 2
bantime = 180
и на моем сервер я установить fail2ban и настроить с помощью этого в моем файле ш
sudo apt-get -y install fail2ban
sudo cp custom_jail.local /etc/fail2ban/jail.local
sudo service fail2ban restart
, а также я установить RepeatedMsgReduction от в rsyslog.conf и запустить эту службу Rsyslog перезапуске
после SSH Логин не в состоянии (предел maxretry) я все еще могу войти не запретить мой IP
auth.log
Jun 20 21:17:29 localhost sshd[4705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip user=username
Jun 20 21:17:32 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:36 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Failed password for username from ip port 36472 ssh2
Jun 20 21:17:41 localhost sshd[4705]: Connection closed by ip [preauth]
fail2ban .log
2015-06-20 21:15:07,186 fail2ban.jail : INFO Jail 'ssh' stopped
2015-06-20 21:15:07,209 fail2ban.jail : INFO Jail 'ssh-ddos' stopped
2015-06-20 21:15:07,210 fail2ban.server : INFO Exiting Fail2ban
2015-06-20 21:15:07,790 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.11
2015-06-20 21:15:07,791 fail2ban.jail : INFO Creating new jail 'ssh'
2015-06-20 21:15:07,821 fail2ban.jail : INFO Jail 'ssh' uses pyinotify
2015-06-20 21:15:07,846 fail2ban.jail : INFO Initiated 'pyinotify' backend
2015-06-20 21:15:07,848 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2015-06-20 21:15:07,849 fail2ban.filter : INFO Set maxRetry = 2
2015-06-20 21:15:07,850 fail2ban.filter : INFO Set findtime = 600
2015-06-20 21:15:07,850 fail2ban.actions: INFO Set banTime = 180
2015-06-20 21:15:07,884 fail2ban.jail : INFO Creating new jail 'ssh-ddos'
2015-06-20 21:15:07,884 fail2ban.jail : INFO Jail 'ssh-ddos' uses pyinotify
2015-06-20 21:15:07,891 fail2ban.jail : INFO Initiated 'pyinotify' backend
2015-06-20 21:15:07,893 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2015-06-20 21:15:07,894 fail2ban.filter : INFO Set maxRetry = 2
2015-06-20 21:15:07,894 fail2ban.filter : INFO Set findtime = 600
2015-06-20 21:15:07,895 fail2ban.actions: INFO Set banTime = 180
2015-06-20 21:15:07,901 fail2ban.jail : INFO Jail 'ssh' started
2015-06-20 21:15:07,907 fail2ban.jail : INFO Jail 'ssh-ddos' started